Owen Smith Tweets Login Data to 16,000 Followers

Slack AliceSlogger, Infosecurity Magazine

File under “major situational awareness issues”: A picture tweeted out by Labour’s leadership contender Owen Smith’s team inadvertently showed 16,000 people how to log into the Pontypridd MP’s phone bank system.

The pic showed the candidate at a phone canvassing session—along with a sign in the background showing the web address, ID, username, and password required to log in.

The campaign has more than 16,000 Twitter followers, who wasted no time taking to the tweet-waves to comment. Some took a political stand: “Owen Smith's team have the absolute cheek to accuse @jeremycorbyn of ‘incompetence’ the day after this!”

One noted the ironic password – “Survation,” which is the name of a prominent polling company. Jo Phillips tweeted, “weirdest thing about Owen Smith password issue isn't they posted their security details, it's what the password is ??”

Some immediately saw the pranktastic possibilities (before sheepishly backing off): “Okay, hands up if you've just changed Owen Smith's password on the sly for him. (Disclaimer: I most certainly have not accessed his account).”

The password was quickly changed, before any unauthorized users could take advantage of the situation, a spokesman told Buzzfeed: “These were the login details for our campaign phone bank system. The details were changed as soon as we were made aware of them being inadvertently posted on Twitter and the tweet was then immediately deleted. We can confirm that there was no data breach.”

Bottom line: This was a rookie mistake that made this slogger chuckle and, arguably, a golden, missed opportunity for anyone looking to make life difficult for Smith as the Labour party continues to be roiled by in-fighting.

“There’s going to be some red faces in the Owen Smith campaign office,” Ed Macnair, CEO, CensorNet, told us. “Clearly no harm was done, but it’s a perfect example of people being a huge security risk. Humans make mistakes, but those mistakes often lead to far bigger problems, particularly where security is involved.”

He added, “Tweeting a photo of security credentials—no matter what they are for—is a stupid mistake and it indicates a lack of thought about even the most basic security needs. It’s a perennial problem and we need to do better at educating the nation on the dangers. While this incident might have evoked laughs, the next time may not be quite so funny.”